Export limit exceeded: 345225 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345225 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-31365 | 2026-04-15 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Post Type Builder (PTB) allows Reflected XSS.This issue affects Post Type Builder (PTB): from n/a before 2.1.1. | ||||
| CVE-2024-31366 | 2026-04-15 | 7.1 High | ||
| Missing Authorization vulnerability in Themify Post Type Builder (PTB).This issue affects Post Type Builder (PTB): from n/a through 2.0.8. | ||||
| CVE-2024-3137 | 2026-04-15 | N/A | ||
| Improper Privilege Management in uvdesk/community-skeleton | ||||
| CVE-2024-31372 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Arnan de Gans No-Bot Registration.This issue affects No-Bot Registration: from n/a through 1.9.1. | ||||
| CVE-2024-31375 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads.This issue affects WP2LEADS: from n/a through <= 3.2.7. | ||||
| CVE-2024-31376 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Andrew Dashboard To-Do List dashboard-to-do-list.This issue affects Dashboard To-Do List: from n/a through <= 1.3.1. | ||||
| CVE-2024-31377 | 1 Opajaap | 1 Wp Photo Album Plus | 2026-04-15 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through 8.7.01.001. | ||||
| CVE-2024-31379 | 2026-04-15 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Smash Balloon Social Post Feed.This issue affects Smash Balloon Social Post Feed: from n/a through 4.2.1. | ||||
| CVE-2024-3138 | 2026-04-15 | 3.5 Low | ||
| ** DISPUTED ** A vulnerability was found in francoisjacquet RosarioSIS 11.5.1. It has been rated as problematic. This issue affects some unknown processing of the component Add Portal Note. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The associated identifier of this vulnerability is VDB-258911. NOTE: The vendor explains that the PDF is opened by the browser app in a sandbox, so no data from the website should be accessible. | ||||
| CVE-2024-31380 | 2026-04-15 | 9.9 Critical | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Oxygen Builder allows Code Injection. Vendor is ignoring report, refuses to patch the issue.This issue affects Oxygen Builder: from n/a through 4.9. | ||||
| CVE-2024-31381 | 2026-04-15 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in RebelCode Spotlight Social Media Feeds.This issue affects Spotlight Social Media Feeds: from n/a through 1.6.10. | ||||
| CVE-2024-31385 | 2026-04-15 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary ReDi Restaurant Reservation.This issue affects ReDi Restaurant Reservation: from n/a through 24.0128. | ||||
| CVE-2024-31387 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Popup LikeBox Team Popup Like box allows Stored XSS.This issue affects Popup Like box: from n/a through 3.7.2. | ||||
| CVE-2024-31388 | 2026-04-15 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Pauple Table & Contact Form 7 Database – Tablesome.This issue affects Table & Contact Form 7 Database – Tablesome: from n/a through 1.0.25. | ||||
| CVE-2024-31389 | 2026-04-15 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Ertano MihanPanel.This issue affects MihanPanel: from n/a before 12.7. | ||||
| CVE-2024-31390 | 2 Soflyy, Wordpress | 2 Breakdance, Wordpress | 2026-04-15 | 9.9 Critical |
| : Improper Control of Generation of Code ('Code Injection') vulnerability in Soflyy Breakdance allows : Code Injection.This issue affects Breakdance: from n/a through 1.7.2. | ||||
| CVE-2024-31406 | 1 Roamwifi | 1 R10 | 2026-04-15 | 8.8 High |
| Active debug code vulnerability exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with access to the device may perform unauthorized operations. | ||||
| CVE-2024-31407 | 1 Intel | 1 High Level Synthesis Compiler Software | 2026-04-15 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software for Intel(R) Quartus(R) Prime Pro Edition Software before version 24.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-31408 | 2026-04-15 | N/A | ||
| OS command injection vulnerability exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent authenticated attacker may execute an arbitrary OS command with root privileges by sending a specially crafted request. | ||||
| CVE-2024-31412 | 1 Omron | 1 Cx-programmer | 2026-04-15 | 7.8 High |
| Out-of-bounds read vulnerability exists in CX-Programmer included in CX-One CXONE-AL[][]D-V4 Ver. 9.81 or lower. Opening a specially crafted project file may lead to information disclosure and/or the product being crashed. | ||||